Differences

This shows you the differences between two versions of the page.

--- soft:openldap [2019/07/14 22:26]
phil created
+++ soft:openldap [2019/11/10 15:51] (current)
phil
@@ Line 11: / Line 11: @@
 </code>
+By default the server will use ''cn=config'', you can edit it with ldapvi:
+<code>
+ldapvi -Y EXTERNAL -h ldapi:// -b cn=config
+</code>
+To edit the tree as admin:
+<code>
+ldapvi -h ldap://server -D cn=admin,dc=example,dc=com
+</code>
+===== Security =====
+Disallow anonymous bind:
+<code>
+cn=config
+[...]
+olcDisallows: bind_anon
+</code>
+Enable TLS with starttls:
+<code>
+cn=config
+[...]
+olcTLSCertificateFile: /etc/ldap/ssl/fullchain.pem
+olcTLSCertificateKeyFile: /etc/ldap/ssl/privkey.pem
+</code>
+Force use of TLS
+<code>
+olcDatabase={1}mdb,cn=config
+[...]
+olcSecurity: tls=1
+</code>
+You can now connect with tls with:
+<code>
+ldapvi -ZZ -h ldap://server -D cn=admin,dc=example,dc=com
+</code>
+Disable read access to all by dropping the line ''olcAccess: {2}to * by * read'' in ''olcDatabase={1}mdb,cn=config''
+===== Replication =====
+Reset replication and copy whole database from a given server (rid)
+<code>
+slapd -d sync -u openldap -g openldap -h ldap://ldap3.example.com -c rid=000,csn=0
+</code>
+===== Backup =====
+<code>
+slapcat > dump.ldif
+slapcat -b cn=config > config.ldif
+</code>

philpep's wiki